Companies Adding Privacy Officers

WASHINGTON (AP) _ Earlier this year, a Microsoft developer proposed asking for a customer’s age and gender as a requirement for subscribing to a new e-mail newsletter.

Despite how frequently Internet users disclose personal information, from income to e-mail addresses, the idea stopped at Richard Purcell’s door.

``It was irrelevant for the newsletter, and I vetoed it happily,″ said Purcell, Microsoft’s director of corporate privacy, who reports directly to Bob Herbold, the company’s chief operating officer.

Purcell’s broad veto power is an example of a shift in corporate priorities, both in Internet companies and traditional ones. The title of Chief Privacy Officer, as the post is commonly called, is in very high demand from corporate headhunters.

With consumers increasingly concerned about their privacy and new technology able to track Internet users click by click, companies are rapidly hiring privacy officers and giving them broad powers to set policies, protecting consumers from invasion and companies from public relations nightmares.

In many cases, these privacy officers are near the top of the corporate structure. And their hiring has become a litmus test for a company’s dedication to customer privacy.

``Privacy went from being a minor issue in most companies, to something that could threaten their basic revenue model, or make their costly merger turn to dust,″ explained Alan Westin, a privacy expert who helped a congressional committee write the Privacy Act of 1974.

Westin said companies failed to fully address the issue for two decades. But that’s changed because of recent lawsuits by consumers and the government alleging loss of privacy and high-profile publicity surrounding how easy it is to track people with technology.

To deal with the growth, Westin has created a training course for new privacy officers.

Lance Hoffman, a computer science professor at George Washington University and the head of the university’s Cyberspace Policy Institute, which studies security, e-commerce and intellectual property issues, said privacy officers are being hired from universities and promoted from government affairs and policy positions within companies.

``It attracts people who have a knowledge of history and law,″ Hoffman said. ``They know something about technology, and they can’t get techno-dazzled by explanations that don’t hold water. They appreciate what technology can do for good and for evil.″

AT&T’s privacy officer Michael Lamb reports to the company’s general counsel, Jim Ciccone. ``If they don’t comply, I go to the CEO,″ he said. ``We will not roll out a service where we do not comply with our privacy policy.″

In 1994, Shelley Harms became the executive director for public policy and privacy for Verizon Communications, the company created by the merger of Bell Atlantic and GTE.

Harms, a public policy lawyer, helped develop the company’s privacy principles. For a company as far-reaching as Verizon, the temptation to use its customer base against rivals can be powerful.

``We had a tradition as the monopoly provider of telephone service, and privacy was just part of that,″ Harms said. ``When competition came, we started to think about using customer information.″

But her job is to turn co-workers away from that temptation, which can damage a company more than any rival. ``That’s not what we do,″ she adds.

Privacy issues are reaching courts in growing numbers, and can have crippling effects on a company.

On Monday, the Federal Trade Commission sued the now-defunct Toysmart.com Web site for attempting to sell its customer information along with the rest of its assets.